The Sad Human Cost of Ransomware, Leaked LockBit builder turns TeamViewer into a Trojan horse, Trello in big trouble and more.

The Silent Killer in the Cybersecurity Domain

Ransomware attacks are taking a toll on the mental and physical health of information security professionals, according to a report by the Royal United Services Institute (RUSI). The study highlights instances of heart attacks, hospitalizations, and burnout among cybersecurity workers dealing with the aftermath of ransomware incidents. The industry's challenging work environment, poor staffing levels, and high stress contribute to mental health issues, often leading to personal and professional consequences. The report emphasizes the need for recognizing and addressing the psychological impact of ransomware attacks on individuals within the cybersecurity field. (theregister.com)

My Thoughts: The RUSI report highlights the often-overlooked human toll of ransomware attacks, portraying a dark reality where cybersecurity professionals face not only the technical challenges but also the profound psychological and physical consequences of their work. This emphasizes the importance of employers properly taking care of their employees. Regular psychological support, awareness programs, and forums for sharing experiences can contribute to building a resilient workforce. As ransomware attacks continue to escalate, cybersecurity professionals need not only the right tools and training but also a robust support system to navigate the psychological challenges that accompany this relentless cyber threat.

Need to talk about these challenges in your enterprise? Assurance IT can help you in an effective way.

There’s a reason we have our customer success program. Send me a message.

Cybersecurity success or just dodging a digital bullet?

Memorial University's Grenfell Campus in Corner Brook suffered a ransomware attack on December 29, leading to encrypted data on servers and a week-long delay in classes. MUN President Neil Bose confirmed that no data was compromised, and forensic work was done in collaboration with cybersecurity experts. The university is gradually restoring the affected servers, with plans to consolidate networks for enhanced security. (cbc.ca)

No compromised data? Unfortunately, that doesn’t mean it’s all good.

My Thoughts: The delayed response to the cyberattack aligns with standard practice to protect ongoing investigations. It is uncertain how the university was breached. The statement referencing consolidation leads me to believe the back-end systems were targeted and compromised. Often this happens when user credentials of an IT administrator are compromised, and permissions attributed to that user can run through the IT environment causing havoc.

The mention of consolidating networks is a positive step and reduces the potential attack surface, but the emphasis should be on proactive defense rather than reactive recovery.

All of our solutions fall into our PPR Methodology: Prepare, Protect, Recover. Check it out below:

AsssuranceIT.ca

They’re still just “hoping for the best”?

A threat actor claims to have breached Trello, exposing 15,115,516 user records, including emails, usernames, full names, and other details. The alleged data breach raises concerns about the security of sensitive information. While Trello's website appears functional, an official response is awaited, leaving the situation uncertain. This is not the first time Trello faced security issues, as a similar incident occurred in 2020, highlighting recurring concerns about user data protection. (thecyberexpress.com)

So essentially, hope for the best, ignore the rest?

That’s not how we operate.

My Thoughts: Whenever I hear stories about personal data being breached, it makes my skin crawl. Having been a victim of identify fraud myself many years back, I understand the potential nightmare associated with someone using your identity fraudulently. To my defense this was in the early 90’s and it was not through an online avenue. The recurrence of security issues with Trello underscores the need for a robust data protection strategy especially when personal identifiable information is present. Be sure to conduct PIA’s regularly and as an organization ask yourself if you are truly responsible for the data you are handling.

The lack of an official response from Trello adds to the uncertainty, emphasizing the importance of transparency and timely communication in such situations.

Leaked LockBit builder turns TeamViewer into a Trojan horse for ransomware infiltrations

Ransomware actors are once again exploiting TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder, according to a report from Huntress. TeamViewer, a legitimate remote access tool widely used in the enterprise world, is being misused by cybercriminals for unauthorized access. The attackers use TeamViewer to drop and execute malicious files, attempting to deploy ransomware on compromised devices. The report highlights similarities to a case reported in 2016 and reveals recent instances where attackers used TeamViewer to deploy ransomware payloads. The attacks seem linked to the leaked LockBit 3.0 builder, allowing the creation of various encryptor versions. The report emphasizes the importance of strong security practices for TeamViewer users to prevent unauthorized access and attacks. (bleepingcomputer.com)

My Thoughts: The resurgence of ransomware attacks leveraging TeamViewer underscores the persistent exploitation of legitimate tools by cybercriminals. “While it is unclear how the threat actors are now taking control of TeamViewer instances” .... This is worrisome, essentially telling us the company has not identified the point of entry. They do however continue to say that guessing easy passwords could potentially be the way of entry. Especially if using an outdated version of their software.

Moral of the story. TeamViewer's response emphasizes the importance of maintaining strong security practices, including complex passwords, two-factor authentication, and regular software updates, to mitigate the risk of unauthorized access.

Want to begin or improve your cyber resilience journey? Book me in your calendar and we can discuss.

‍